Security Advisory

CVE-2026-35545

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-03 04:02:06

Last updated 2026-04-03 15:36:13

Assigner mitre

State PUBLISHED

Description

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke.

← Browse all CVEs View on cve.org ↗